[jira] Created: (OFBIZ-1106) Passwords in POS are shown in clear text

Passwords in POS are shown in clear text
----------------------------------------

                 Key: OFBIZ-1106
                 URL: https://issues.apache.org/jira/browse/OFBIZ-1106
             Project: OFBiz
          Issue Type: Improvement
          Components: pos
    Affects Versions: SVN trunk
         Environment: All
            Reporter: Chris Lombardi
            Priority: Minor


Passwords entered in the POS are displayed in the clear in the POS input panel.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux reassigned OFBIZ-1106:
--------------------------------------

    Assignee: Jacques Le Roux

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12508591 ]

Jacques Le Roux commented on OFBIZ-1106:
----------------------------------------

Hi Chris,

Do you have a fix for this ? Else I will look at it but I don't know when...

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12508595 ]

Chris Lombardi commented on OFBIZ-1106:
---------------------------------------

I don't currently, but I plan on working on it.



--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Shields updated OFBIZ-1106:
-------------------------------

    Attachment: SecurityEvents.patch
                Input.patch

This is a trivial workaround that makes the XEdit instance in the input area  the same color as the background when the password is being input.

This is my first patch submittal to the OFBiz project so there are bound to be many faults on my part.  I welcome all comments and criticisms.  

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535401 ]

d4n edited comment on OFBIZ-1106 at 10/16/07 9:34 PM:
--------------------------------------------------------------

I have attached Input.patch and SecurityEvents.patch files to this issue.

This is a trivial workaround that makes the input area  the same color as the background when the password is being input.

This is my first patch submittal to the OFBiz project so there are bound to be many faults on my part.  I welcome all comments and criticisms.  

      was (Author: d4n):
    This is a trivial workaround that makes the XEdit instance in the input area  the same color as the background when the password is being input.

This is my first patch submittal to the OFBiz project so there are bound to be many faults on my part.  I welcome all comments and criticisms.  
 
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Shields updated OFBIZ-1106:
-------------------------------

    Attachment:     (was: Input.patch)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Shields updated OFBIZ-1106:
-------------------------------

    Attachment:     (was: SecurityEvents.patch)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Shields updated OFBIZ-1106:
-------------------------------

    Attachment: input-contents-hidden.patch

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535401 ]

d4n edited comment on OFBIZ-1106 at 10/16/07 10:05 PM:
---------------------------------------------------------------

I have attached input-contents-hidden.patch to this issue.

This is a trivial workaround that makes the input area  the same color as the background when the password is being input.

This is my first patch submittal to the OFBiz project so there are bound to be many faults on my part.  I welcome all comments and criticisms.  

      was (Author: d4n):
    I have attached Input.patch and SecurityEvents.patch files to this issue.

This is a trivial workaround that makes the input area  the same color as the background when the password is being input.

This is my first patch submittal to the OFBiz project so there are bound to be many faults on my part.  I welcome all comments and criticisms.  
 
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535475 ]

Jacques Le Roux commented on OFBIZ-1106:
----------------------------------------

Hi Dan,

Your patch is good (just reviewed but I guess it works well, really simple), I wonder though if we should not better use the standard **** method ?

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Shields updated OFBIZ-1106:
-------------------------------

    Attachment: input-contents-hidden.patch

Great idea.   It does make it even smaller and simpler.  I have updated the patch.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Shields updated OFBIZ-1106:
-------------------------------

    Attachment:     (was: input-contents-hidden.patch)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Shields updated OFBIZ-1106:
-------------------------------

    Attachment:     (was: input-contents-hidden.patch)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Shields updated OFBIZ-1106:
-------------------------------

    Attachment: input-contents-hidden.patch

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535722 ]

Jacques Le Roux commented on OFBIZ-1106:
----------------------------------------

Either you did not understood me or you did not update the patch. I meant put * in place of char as it's traditionnaly done everywhere to let know the user he has typed a char...

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535779 ]

Dan Shields commented on OFBIZ-1106:
------------------------------------

Hi Jacques, thanks for your comments.    This patch is intended to provide a hygienic fix for the issue as stated without adding any feature.  An asterisk-echo feature can be added if necessary, but I have not heard this feature called for.  I have always assumed that asterisk-echoing software had obvious bugs, but I do not believe it is my call to make this kind of user-interface decision.  The plain and simple fact for me is that this problem has been blocking my clients from realizing the full potential of OFBiz for a long time, and it is time that there was some kind of fix in the main distribution.  If you find this at all useful, please accept it.  Either way, I will have already implemented this patch in my own deployments and I have already moved on to more important tasks.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535809 ]

Chris Lombardi commented on OFBIZ-1106:
---------------------------------------

This isn't the way I would have done it, but I hadn't thought of it either.  IMHO, this patch is a definite improvement.  Would it be possible to accept the patch and open a new jira issue to implement it as JLR suggested or with leaving the implementation open but having more crisp requirements?

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535813 ]

Chris Lombardi commented on OFBIZ-1106:
---------------------------------------

Upon reading the patch, the code seems more secure than the original description implied - making the passcode the same color as the background, whereas the code actually hides the input object.  Adding asterisks for typed keys is a small difference in opinion on implementation and some would say less secure method.  This patch definitely satisfies my requirements 100% and doesn't present any security holes that I'm aware of.

I definitely support rolling in this patch.  Thanks Dan!

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535903 ]

Jacques Le Roux commented on OFBIZ-1106:
----------------------------------------

Dan,

"I have always assumed that asterisk-echoing software had obvious bugs" this is interesting can you elaborate a bit more please ?

Have I missed something  about that point ? I see asterisk-echoing evrywhere, and I see an advantage upon your solution : the user know he is typing something.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.